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1 . Following the mandate set by the Federal Information Security Management Act of 
2002 (FISMA), the National Institute of Standards and Technology (NIST) created 
guidelines for securing sensitive but unclassified information in federal institutions. 
These guidelines affect how information is stored, transferred, and secured in NASA, 
particularly when dealing with computers. My mentor’s job is to make sure that the 
standards set by NIST are met at Kennedy Space Center’s NE Directorate lab 
facilities. However, keeping track of every lab’s security vulnerabilities in KSC can 
be overwhelming. My job is to make it easier for my mentor to organize information 
for each lab. 

2. The Lab inventories, vulnerabilities, and other related documents will be provided to 
me by my mentor’s co-worker, Ross Nordeen. I will then translate all of the 
information given to me into an easily navigable database. To organize this 
information, I must first make a few basic tables, within a master database, to 
combine all of the related data together. From those tables, I will create queries that 
will show specific information from the tables. From those queries and tables, I can 
create forms that organize the data into a more visually appealing presentation. Aside 
from showing information, the forms can also run programmable functions for 
purposes such as navigation. I plan to have all of the major forms linked together 
through the use of navigational, macro-embedded buttons. 

3. The NE labs located throughout Kennedy Space Center are assessed by the auditors 
in the division that I work with. In each lab, the auditors receive a copy of the current 
inventory list, a lab description document that provides the auditor with basic 
information about the lab and diagrams of the lab’s floor plan and network 
configurations. The auditors have a checklist of requirements that each asset in the 
lab must meet. The auditor reports findings for the security requirements that are not 
implemented and assigns a vulnerability level of low, moderate, or high to the 
missing requirement based on NIST’s standards. 

4. Throughout this internship, I mainly learned lessons about management, both on the 
business and personal level. While compiling all of the information provided to me, I 
also learned more about Microsoft Access and its various functions. Before my 
internship, I only knew how to make simple queries, forms and reports in Access. 
Now, I am able to create navigational forms, known as switchboards, I have also gain 
knowledge of several life lessons as well; most predominantly, the value of patience. 

5. I appreciate all of the help and guidance that I received from Mr. Robert Van 
Arsdalen, Mr. Ross Nordeen, and Mr. Clyde Box throughout this internship. 
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IT Security at KSC 

For over forty years, the Kennedy Space Center, or KSC, has been the main spacecraft 
launching site for the National Aeronautics and Space Administration (NASA). KSC is more 
than just a launching facility, though. KSC houses many different types of labs that focus 
primarily on technological and biological advancement for space exploration. These labs contain 
an abundant amount of information that can be used for other humanitarian purposes. Likewise, 
there is information stored in KSC that could potentially be used for malicious purposes. Should 
any of this information ever fall into the wrong hands, the United States could be threatened. 
Therefore, there is a need to protect all of the sensitive information in KSC; this job is done by 
IT security assessors. 

The need for IT security in government facilities was presented by the Federal 
Information Security Management Act of 2002 (FISMA). FISMA set out a mandate that 
emphasizes the importance of protecting information in federal agencies; however, FISMA does 
not provide actual explicit guidelines. From this mandate, the National Institute of Standards and 
Technology (NIST) created guidelines for securing sensitive but unclassified information in 
federal institutions. While these guidelines are not entirely explicit, NIST provides the main 
guidelines for securing information. These guidelines affect how information is stored, 
transferred, and secured in NASA, particularly with the management of electronic information 
located on computers. My mentor’s job is to make sure that the standards set by NIST are 
implemented by Kennedy Space Center’s NASA Engineering (NE) Directorate lab facilities, as 
well as the systems being developed by Constellation for the Launch Control System and Ground 
Systems. However, keeping track of every lab’s security vulnerabilities in KSC can be 
overwhelming. My job is to make it easier for my mentor to organize information for each lab. 

The NE labs located throughout Kennedy Space Center are assessed by the auditors in the 
division that I work with. In each lab, the auditors receive a copy of the current inventory list, a 
lab description document that provides the auditor with basic information about the lab and 
diagrams of the lab’s floor plan and network configurations. The auditors have a checklist of 
requirements that each asset in the lab must meet. The auditor reports findings for the security 
requirements that are not implemented and assigns a vulnerability level of low, moderate, or high 
to the missing requirement based on NIST’s standards. 


Special Pubhcation 800-63 


Recommended Security Control* tor Federal Information System* and Organizations 


CM -8 INFORMATION SYSTEM COMPONENT INVENTORY 

Control The organization develops, documents and maintain* an mv emery of information system 
components that 

a Accurately reflects die current information system. 

b. Is consistent with the authorization boundary' of the information system. 

c. Is at the level of granularity deemed necessary for tracking and reporting. 

d Includes [Assignment organization -defined information deemed necessary to achieve 
effectiv e property accountability ], and 

e. Is available for review and audit by designated organizational officials 

Supplemental Guidance Information deemed to be necessary by the organization to achieve 
effective property accountability- can include, for example, hardware inventory specifications 
(manufacturer, type, model, serial number, physical location), software license information, 
information systesn'coinponmt owner, and for a networked component device, the machine name 
and network address Related controls CM- 2. CM -6 

In this particular control, NIST provides guidelines for maintaining a system inventory. 

The Lab inventories, vulnerabilities, and other related documents were provided to me by 
my mentor’s co-worker, Ross Nordeen. I translated all of the information given to me into an 
easily navigable database. To organize this information, I made a few basic tables, within a 
master database, to combine all of the related data together. From those tables, I created queries 
that show specific information from the tables. From those queries and tables, I created forms 
that organize the data into a more visually appealing presentation. Aside from showing 
information, the forms also run programmable functions for purposes such as navigation. I have 
all of the major forms linked together with navigational, macro-embedded buttons. 


Figure 1 Figure 2 





"Lab Locator" page lists the lab names. Clicking on a lab name will open its respective form. 


Prior to working at KSC, I was not entirely sure as to what kind of work was done at 
NASA other than what I have seen in the media. I knew that KSC was more than just a place 
dedicated to spacecraft launching, but I had no idea as to what went on inside of the rest of the 
center. Throughout this internship, though, I learned how the management in KSC works. 

While compiling all of the information provided to me, I learned more about Microsoft Access 
and its various functions. My knowledge of Microsoft Access was also limited prior to 
beginning my internship. Before my internship, I only knew how to make simple queries, forms 
and reports in Access. Now, I am able to create navigational forms, known as switchboards, and 
programmable macros. 



Aside from learning about STEM related practices and lessons, I have also gained 
knowledge of several life lessons as well; most predominantly, the value of patience. One of the 
first things that my mentor told me was that the area that he works in is very busy, and that a 
good sense of patience was needed. Many times, I found myself frustrated when I found that I 
either had too much or too little to do at work. However, I learned that patience reaped rewards. 
In other words, I found through my experience that whatever stress I had to deal with presently 
paid off in the end. An example of when I needed to rely on patience is when I began working 
for my mentor. After sitting through two days of orientation, I was eager to work on whatever 
project was assigned to me. However, I was not going to receive my work assignments until the 
day after my first workday. In order to be proactive about waiting for my project, I decided to 
spend my free time by refreshing my knowledge of Microsoft Access. Doing this not only 
changed attitude, but it also prepared me for the next day’s assignment. 

On account of the great opportunity presented to me by this internship program, I am glad 
to have been fortunate enough to be a part of a NASA center working environment. This 
summer, I was able to indirectly work with some of the NASA labs as a part of an IT security 
assessment. I have learned about some of the STEM related disciplines in NASA as well as 
many life lessons that I will take to heart for the rest of my life. I have also learned about a 
different kind of job at KSC that while it does not contribute to space exploration, it helps protect 
the center from exposing sensitive information. 

I am grateful that an internship like INSPIRE exists to offer opportunities to students, like 
me, who strive for a career in science, technology, engineering, or mathematics. For this, I 
would like to thank Mrs. Priscilla Moore, Mr. Jim Gerard, and many others for coordinating the 
INSPIRE experience for KSC. I appreciate all of the help and guidance that I received from my 
mentor, Mr. Robert Van Arsdalen, and his co-workers, Mr. Ross Nordeen and Mr. Clyde Box. I 
am especially grateful for the various tours and other events that I was a part of and the 
individuals responsible for directing these events, including: Mr. Lynn Svedin, Mrs. Laurie 
Griffin, Mrs. Karen Mendoza, Mr. Eduardo Lopez Del Castillo, and Mr. Rey Diaz. I would also 
like to thank my family, Rey, Iris, and Angelica Diaz, for being extremely supportive of me. If it 
were not for everyone’s collective effort, I would have not been a part of the INSPIRE program 
this summer. 


